Jenkins is great at telling me when there are updates available for Jenkins's core or when there are security vulnerabilities in plug-ins. This it does with a "nice-fat-red" number of vulnerabilities on the top of the web page when I am logged in. And when one clicks on that, you get a nice synopsis such as:
<https://i.stack.imgur.com/BviMV.png> (Yes, I've already updated my Jenkins instance to patch these issues, post screen-shot). However, I cannot find any system setting or plug-in which will notify me (presumably via email) when there is a core or plug-in update which is available to mitigate a vulnerability, or even when there are ANY updates to apply. I have used the CLI (via SSH) to find a way to list the plug-ins with updates available, as in this very hackish approach which relies on the formatting of the list-plugins command: $ ssh -l USER -p PORT JENKINS.domain list-plugins | egrep '\([0-9.]+\)' | sort ant Ant Plugin 1.9 (1.10) antisamy-markup-formatter OWASP Markup Formatter Plugin 1.5 (1.6) branch-api Branch API Plugin 2.5.3 (2.5.4) ... But I have not found any way via the CLI to: - distinguish between security updates and general/feature updates - identify core updates I've also looked at the jenkins log (/var/lib/jenkins/jenkins.log on Ubuntu) to no avail. *Specific question*: Is there a setting (and I've looked extensively) or plug-in (or even CLI method) which will provide the warnings / vulnerabilities without being forced to login to Jenkins' web interface and look manually? Yes, I'm subscribed to the "Security advisories" mailing list <https://groups.google.com/forum/m/#!forum/jenkinsci-advisories>, and while it provides indications of core updates w.r.t. vulnerabilities, it's not as helpful for plug-ins - that is, not only would I have to look at all the plug-ins that are listed as being patched, but it doesn't, AFAICT, tell me when there are unpatched vulnerabilities. *General question*: How should I go about ensuring that my Jenkins installation is automatically kept up-to-date, including all plug-ins? Ideally this would be with respect to security vulnerabilities only, leaving feature updates aside. -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/04730f67-7b82-43ff-8f2a-ee5ccc421170%40googlegroups.com.
